Developing a Maturity Model for Information System Security Management within Small and Medium Size Enterprises

2006 ◽  
Keyword(s):  
Information System ◽  
Security Management ◽  
System Security ◽  
Medium Size ◽  
Maturity Model ◽  
Information System Security

ISMS Building for SMEs through the Reuse of Knowledge

2012 ◽  
pp. 90-116
Author(s):  
Luís Enrique Sánchez ◽  
Antonio Santos-Olmo ◽  
Eduardo Fernandez-Medina ◽  
Mario Piattini
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Point Of View ◽  
Medium Size ◽  
Information Security Management ◽  
Business Size ◽  
Security Information ◽  
Considerable Experience

The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.

scholarly journals Challenges Facing Information Systems Security Management in Higher Learning Institutions: A Case Study of the Catholic University of Eastern Africa - Kenya

2014 ◽  
Vol 3 (1) ◽  
pp. 336-349
Author(s):  
Bichanga Walter Okibo ◽  
Obara Brigit Ochiche
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Higher Learning ◽  
Eastern Africa ◽  
Information Systems Security ◽  
Information System Security ◽  
Systems Security ◽  
Learning Institutions

With the popularity of internet applications, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for the challenges facing information security management in higher learning institutions. Thus this research looked into the challenges facing information systems security management in higher learning institutions. The study was guided by understanding the major challenges facing Information Systems Security Management and establishing the extent of the use of Information Systems Security Management in higher learning institutions. The study used descriptive survey design. It targeted information systems projects managers, administrators or top management and other users (staff) of the systems in key departments. Systematic sampling strategy was used. Descriptive statistics of SPSS were used to analyze the data. Factor analysis technique was used to identify the major challenges that affect management of an institution’s information system security. Pearson’s Chi-Square was used to test the relationships that exist between the categorical variables. The study found out that system vulnerability, computer crime and abuse, environmental security and financial backing/security are key challenges institutions of higher learning are experiencing in the management of their information systems. The study recommends the implementation of new policies and procedures to guide information system security. Programs for monitoring and evaluating information systems security in relation to performance indicators should be put in place. Institutions should invest heavily in developing their staff through training programmes such as seminars, workshops and conferences to further develop staff skills and abilities on information systems security issues.

ISMS Building for SMEs through the Reuse of Knowledge

2013 ◽  
pp. 394-419
Author(s):  
Luís Enrique Sánchez ◽  
Antonio Santos-Olmo ◽  
Eduardo Fernandez-Medina ◽  
Mario Piattini
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Point Of View ◽  
Medium Size ◽  
Information Security Management ◽  
Business Size ◽  
Security Information ◽  
Considerable Experience

The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.

scholarly journals Analisis Keamanan Sistem Informasi Berdasarkan Framework COBIT 5 Menggunakan Capability Maturity Model Integration (CMMI)

2019 ◽  
Vol 9 (1) ◽  
pp. 47
Author(s):  
Rusydi Umar ◽  
Imam Riadi ◽  
Eko Handoyo
Keyword(s):  
Information Technology ◽  
Information System ◽  
System Security ◽  
Security Level ◽  
Maturity Model ◽  
Information System Security ◽  
Capability Maturity ◽  
Information Technology Security ◽  
Technological Developments ◽  
Access Rights

Information technology is a very important part of a company or institution. The information system itself is expected to provide better benefits for companies or institutions. However, along with technological developments are often misused by some irresponsible parties that can lead to threats of the use of technology. Information system security is very important for institutions to maintain information optimally and safely. The existence of a security problem triggers a procedure to control access rights in an information system. A good information system is an information system that can be assessed at a security level, so that it can provide comfort for users. COBIT 5 as an information technology security control standard. Whereas to achieve the standard level of achievement CMMI is needed in information technology security. The combination of the two standards in the information system is able to provide a level of achievement of information technology. The results obtained from the maturity value are 4,458 which means the institutions are at the Managed and Measurable level. This level, institutions are increasingly made aware of technological developments. Institutions have implemented the quantification concept in each process, and are always monitored and controlled for performance. Information system security at this level is good, it's just that it still needs innovation and development to be ready, fast and right in handling security threats.

Sign in / Sign up

Export Citation Format

Share Document